22550237931

Committed 01 Mar 2026 06:56PM UTC coverage: 64.812% (-8.9%) from 73.687%

Build # 22550237931

Build Type

Pull #14920

github

Committed by

web-flow

Commit Message

Merge e05854a6d into 90823fa90

Pull Request Pull Request #14920: draft: rust based configuration file parser and loader - v4

Run Details

561 of 789 new or added lines in 4 files covered. (71.1%)

23225 existing lines in 498 files now uncovered.

131605 of 203055 relevant lines covered (64.81%)

2328818.84 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.16

/src/detect-engine-inspect-buffer.c

/* Copyright (C) 2025 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 */

#include "suricata-common.h"
#include "detect-engine-inspect-buffer.h"
#include "detect.h"

#include "util-validate.h"

void InspectionBufferClean(DetectEngineThreadCtx *det_ctx)
{
    /* single buffers */
    for (uint32_t i = 0; i < det_ctx->inspect.to_clear_idx; i++) {
        const uint32_t idx = det_ctx->inspect.to_clear_queue[i];
        InspectionBuffer *buffer = &det_ctx->inspect.buffers[idx];
        buffer->inspect = NULL;
        buffer->initialized = false;
    }
    det_ctx->inspect.to_clear_idx = 0;

    /* multi buffers */
    for (uint32_t i = 0; i < det_ctx->multi_inspect.to_clear_idx; i++) {
        const uint32_t idx = det_ctx->multi_inspect.to_clear_queue[i];
        InspectionBufferMultipleForList *mbuffer = &det_ctx->multi_inspect.buffers[idx];
        for (uint32_t x = 0; x <= mbuffer->max; x++) {
            InspectionBuffer *buffer = &mbuffer->inspection_buffers[x];
            buffer->inspect = NULL;
            buffer->initialized = false;
        }
        mbuffer->init = 0;
        mbuffer->max = 0;
    }
    det_ctx->multi_inspect.to_clear_idx = 0;
}

InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
{
    return &det_ctx->inspect.buffers[list_id];
}

static InspectionBufferMultipleForList *InspectionBufferGetMulti(
        DetectEngineThreadCtx *det_ctx, const int list_id)
{
    InspectionBufferMultipleForList *buffer = &det_ctx->multi_inspect.buffers[list_id];
    if (!buffer->init) {
        det_ctx->multi_inspect.to_clear_queue[det_ctx->multi_inspect.to_clear_idx++] = list_id;
        buffer->init = 1;
    }
    return buffer;
}

/** \brief for a InspectionBufferMultipleForList get a InspectionBuffer
 *  \param fb the multiple buffer array
 *  \param local_id the index to get a buffer
 *  \param buffer the inspect buffer or NULL in case of error */
InspectionBuffer *InspectionBufferMultipleForListGet(
        DetectEngineThreadCtx *det_ctx, const int list_id, const uint32_t local_id)
{
    if (unlikely(local_id >= 1024)) {
        DetectEngineSetEvent(det_ctx, DETECT_EVENT_TOO_MANY_BUFFERS);
        return NULL;
    }

    InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);

    if (local_id >= fb->size) {
        uint32_t old_size = fb->size;
        uint32_t new_size = local_id + 1;
        uint32_t grow_by = new_size - old_size;
        SCLogDebug("size is %u, need %u, so growing by %u", old_size, new_size, grow_by);

        SCLogDebug("fb->inspection_buffers %p", fb->inspection_buffers);
        void *ptr = SCRealloc(fb->inspection_buffers, (local_id + 1) * sizeof(InspectionBuffer));
        if (ptr == NULL)
            return NULL;

        InspectionBuffer *to_zero = (InspectionBuffer *)ptr + old_size;
        SCLogDebug("ptr %p to_zero %p", ptr, to_zero);
        memset((uint8_t *)to_zero, 0, (grow_by * sizeof(InspectionBuffer)));
        fb->inspection_buffers = ptr;
        fb->size = new_size;
    }

    fb->max = MAX(fb->max, local_id);
    InspectionBuffer *buffer = &fb->inspection_buffers[local_id];
    SCLogDebug("using buffer %p", buffer);
#ifdef DEBUG_VALIDATION
    buffer->multi = true;
#endif
    return buffer;
}

static inline void InspectionBufferApplyTransformsInternal(DetectEngineThreadCtx *det_ctx,
        InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
{
    if (transforms) {
        for (int i = 0; i < DETECT_TRANSFORMS_MAX; i++) {
            const int id = transforms->transforms[i].transform;
            if (id == 0)
                break;
            DEBUG_VALIDATE_BUG_ON(sigmatch_table[id].Transform == NULL);
            sigmatch_table[id].Transform(det_ctx, buffer, transforms->transforms[i].options);
            SCLogDebug("applied transform %s", sigmatch_table[id].name);
        }
    }
}

void InspectionBufferApplyTransforms(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer,
        const DetectEngineTransforms *transforms)
{
    InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);
}

void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size)
{
    memset(buffer, 0, sizeof(*buffer));
    buffer->buf = SCCalloc(initial_size, sizeof(uint8_t));
    if (buffer->buf != NULL) {
        buffer->size = initial_size;
    }
}

/** \brief setup the buffer empty */
void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
{
#ifdef DEBUG_VALIDATION
    DEBUG_VALIDATE_BUG_ON(buffer->initialized);
    DEBUG_VALIDATE_BUG_ON(!buffer->multi);
#endif
    buffer->inspect = NULL;
    buffer->inspect_len = 0;
    buffer->len = 0;
    buffer->initialized = true;
}

/** \brief setup the buffer with our initial data */
void InspectionBufferSetupMulti(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer,
        const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len)
{
#ifdef DEBUG_VALIDATION
    DEBUG_VALIDATE_BUG_ON(!buffer->multi);
#endif
    buffer->inspect = buffer->orig = data;
    buffer->inspect_len = buffer->orig_len = data_len;
    buffer->len = 0;
    buffer->initialized = true;

    InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);
}

static inline void InspectionBufferSetupInternal(DetectEngineThreadCtx *det_ctx, const int list_id,
        InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
{
#ifdef DEBUG_VALIDATION
    DEBUG_VALIDATE_BUG_ON(buffer->multi);
    DEBUG_VALIDATE_BUG_ON(buffer != InspectionBufferGet(det_ctx, list_id));
#endif
    if (buffer->inspect == NULL) {
#ifdef UNITTESTS
        if (det_ctx && list_id != -1)
#endif
            det_ctx->inspect.to_clear_queue[det_ctx->inspect.to_clear_idx++] = list_id;
    }
    buffer->inspect = buffer->orig = data;
    buffer->inspect_len = buffer->orig_len = data_len;
    buffer->len = 0;
    buffer->initialized = true;
}
/** \brief setup the buffer with our initial data */
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
        InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
{
    InspectionBufferSetupInternal(det_ctx, list_id, buffer, data, data_len);
}

/** \brief setup the buffer with our initial data */
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id,
        InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len,
        const DetectEngineTransforms *transforms)
{
    InspectionBufferSetupInternal(det_ctx, list_id, buffer, data, data_len);
    InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);
}

void InspectionBufferFree(InspectionBuffer *buffer)
{
    if (buffer->buf != NULL) {
        SCFree(buffer->buf);
    }
    memset(buffer, 0, sizeof(*buffer));
}

/**
 * \brief make sure that the buffer has at least 'min_size' bytes
 * Expand the buffer if necessary
 */
uint8_t *SCInspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
{
    if (likely(buffer->size >= min_size))
        return buffer->buf;

    uint32_t new_size = (buffer->size == 0) ? 4096 : buffer->size;
    while (new_size < min_size) {
        new_size *= 2;
    }

    void *ptr = SCRealloc(buffer->buf, new_size);
    if (ptr != NULL) {
        buffer->buf = ptr;
        buffer->size = new_size;
    } else {
        return NULL;
    }
    return buffer->buf;
}

void SCInspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len)
{
    DEBUG_VALIDATE_BUG_ON(buffer->buf == NULL);
    DEBUG_VALIDATE_BUG_ON(buf_len > buffer->size);
    buffer->inspect = buffer->buf;
    buffer->inspect_len = buf_len;
    buffer->initialized = true;
}

void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len)
{
    SCInspectionBufferCheckAndExpand(buffer, buf_len);

    if (buffer->size) {
        uint32_t copy_size = MIN(buf_len, buffer->size);
        memcpy(buffer->buf, buf, copy_size);
        buffer->inspect = buffer->buf;
        buffer->inspect_len = copy_size;
        buffer->initialized = true;
    }
}

1	/* Copyright (C) 2025 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	* \file
20	*
21	* \author Victor Julien <victor@inliniac.net>
22	*/
23
24	#include "suricata-common.h"
25	#include "detect-engine-inspect-buffer.h"
26	#include "detect.h"
27
28	#include "util-validate.h"
29
30	void InspectionBufferClean(DetectEngineThreadCtx *det_ctx)
31	{	128,117,938✔
32	/* single buffers */
33	for (uint32_t i = 0; i < det_ctx->inspect.to_clear_idx; i++) {	128,138,644✔
34	const uint32_t idx = det_ctx->inspect.to_clear_queue[i];	20,706✔
35	InspectionBuffer *buffer = &det_ctx->inspect.buffers[idx];	20,706✔
36	buffer->inspect = NULL;	20,706✔
37	buffer->initialized = false;	20,706✔
38	}	20,706✔
39	det_ctx->inspect.to_clear_idx = 0;	128,117,938✔
40
41	/* multi buffers */
42	for (uint32_t i = 0; i < det_ctx->multi_inspect.to_clear_idx; i++) {	128,314,093✔
43	const uint32_t idx = det_ctx->multi_inspect.to_clear_queue[i];	196,155✔
44	InspectionBufferMultipleForList *mbuffer = &det_ctx->multi_inspect.buffers[idx];	196,155✔
45	for (uint32_t x = 0; x <= mbuffer->max; x++) {	449,645✔
46	InspectionBuffer *buffer = &mbuffer->inspection_buffers[x];	253,490✔
47	buffer->inspect = NULL;	253,490✔
48	buffer->initialized = false;	253,490✔
49	}	253,490✔
50	mbuffer->init = 0;	196,155✔
51	mbuffer->max = 0;	196,155✔
52	}	196,155✔
53	det_ctx->multi_inspect.to_clear_idx = 0;	128,117,938✔
54	}	128,117,938✔
55
56	InspectionBuffer InspectionBufferGet(DetectEngineThreadCtx det_ctx, const int list_id)
57	{	43,537✔
58	return &det_ctx->inspect.buffers[list_id];	43,537✔
59	}	43,537✔
60
61	static InspectionBufferMultipleForList *InspectionBufferGetMulti(
62	DetectEngineThreadCtx *det_ctx, const int list_id)
63	{	260,190✔
64	InspectionBufferMultipleForList *buffer = &det_ctx->multi_inspect.buffers[list_id];	260,190✔
65	if (!buffer->init) {	260,190✔
66	det_ctx->multi_inspect.to_clear_queue[det_ctx->multi_inspect.to_clear_idx++] = list_id;	196,155✔
67	buffer->init = 1;	196,155✔
68	}	196,155✔
69	return buffer;	260,190✔
70	}	260,190✔
71
72	/** \brief for a InspectionBufferMultipleForList get a InspectionBuffer
73	* \param fb the multiple buffer array
74	* \param local_id the index to get a buffer
75	* \param buffer the inspect buffer or NULL in case of error */
76	InspectionBuffer *InspectionBufferMultipleForListGet(
77	DetectEngineThreadCtx *det_ctx, const int list_id, const uint32_t local_id)
78	{	260,190✔
79	if (unlikely(local_id >= 1024)) {	260,190✔
80	DetectEngineSetEvent(det_ctx, DETECT_EVENT_TOO_MANY_BUFFERS);	×
81	return NULL;	×
82	}	×
83
84	InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);	260,190✔
85
86	if (local_id >= fb->size) {	260,190✔
87	uint32_t old_size = fb->size;	5,295✔
88	uint32_t new_size = local_id + 1;	5,295✔
89	uint32_t grow_by = new_size - old_size;	5,295✔
90	SCLogDebug("size is %u, need %u, so growing by %u", old_size, new_size, grow_by);	5,295✔
91
92	SCLogDebug("fb->inspection_buffers %p", fb->inspection_buffers);	5,295✔
93	void ptr = SCRealloc(fb->inspection_buffers, (local_id + 1) sizeof(InspectionBuffer));	5,295✔
94	if (ptr == NULL)	5,295✔
95	return NULL;	×
96
97	InspectionBuffer to_zero = (InspectionBuffer )ptr + old_size;	5,295✔
98	SCLogDebug("ptr %p to_zero %p", ptr, to_zero);	5,295✔
99	memset((uint8_t )to_zero, 0, (grow_by sizeof(InspectionBuffer)));	5,295✔
100	fb->inspection_buffers = ptr;	5,295✔
101	fb->size = new_size;	5,295✔
102	}	5,295✔
103
104	fb->max = MAX(fb->max, local_id);	260,190✔
105	InspectionBuffer *buffer = &fb->inspection_buffers[local_id];	260,190✔
106	SCLogDebug("using buffer %p", buffer);	260,190✔
107	#ifdef DEBUG_VALIDATION
108	buffer->multi = true;
109	#endif
110	return buffer;	260,190✔
111	}	260,190✔
112
113	static inline void InspectionBufferApplyTransformsInternal(DetectEngineThreadCtx *det_ctx,
114	InspectionBuffer buffer, const DetectEngineTransforms transforms)
115	{	48,008✔
116	if (transforms) {	48,008✔
117	for (int i = 0; i < DETECT_TRANSFORMS_MAX; i++) {	46,665✔
118	const int id = transforms->transforms[i].transform;	46,665✔
119	if (id == 0)	46,665✔
120	break;	38,779✔
121	DEBUG_VALIDATE_BUG_ON(sigmatch_table[id].Transform == NULL);	7,886✔
122	sigmatch_table[id].Transform(det_ctx, buffer, transforms->transforms[i].options);	7,886✔
123	SCLogDebug("applied transform %s", sigmatch_table[id].name);	7,886✔
124	}	7,886✔
125	}	38,779✔
126	}	48,008✔
127
128	void InspectionBufferApplyTransforms(DetectEngineThreadCtx det_ctx, InspectionBuffer buffer,
129	const DetectEngineTransforms *transforms)
130	{	670✔
131	InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);	670✔
132	}	670✔
133
134	void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size)
135	{	×
136	memset(buffer, 0, sizeof(*buffer));	×
137	buffer->buf = SCCalloc(initial_size, sizeof(uint8_t));	×
138	if (buffer->buf != NULL) {	×
139	buffer->size = initial_size;	×
140	}	×
141	}	×
142
143	/** \brief setup the buffer empty */
144	void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
145	{	223,932✔
146	#ifdef DEBUG_VALIDATION
147	DEBUG_VALIDATE_BUG_ON(buffer->initialized);
148	DEBUG_VALIDATE_BUG_ON(!buffer->multi);
149	#endif
150	buffer->inspect = NULL;	223,932✔
151	buffer->inspect_len = 0;	223,932✔
152	buffer->len = 0;	223,932✔
153	buffer->initialized = true;	223,932✔
154	}	223,932✔
155
156	/** \brief setup the buffer with our initial data */
157	void InspectionBufferSetupMulti(DetectEngineThreadCtx det_ctx, InspectionBuffer buffer,
158	const DetectEngineTransforms transforms, const uint8_t data, const uint32_t data_len)
159	{	27,348✔
160	#ifdef DEBUG_VALIDATION
161	DEBUG_VALIDATE_BUG_ON(!buffer->multi);
162	#endif
163	buffer->inspect = buffer->orig = data;	27,348✔
164	buffer->inspect_len = buffer->orig_len = data_len;	27,348✔
165	buffer->len = 0;	27,348✔
166	buffer->initialized = true;	27,348✔
167
168	InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);	27,348✔
169	}	27,348✔
170
171	static inline void InspectionBufferSetupInternal(DetectEngineThreadCtx *det_ctx, const int list_id,
172	InspectionBuffer buffer, const uint8_t data, const uint32_t data_len)
173	{	20,706✔
174	#ifdef DEBUG_VALIDATION
175	DEBUG_VALIDATE_BUG_ON(buffer->multi);
176	DEBUG_VALIDATE_BUG_ON(buffer != InspectionBufferGet(det_ctx, list_id));
177	#endif
178	if (buffer->inspect == NULL) {	20,706✔
179	#ifdef UNITTESTS
180	if (det_ctx && list_id != -1)
181	#endif
182	det_ctx->inspect.to_clear_queue[det_ctx->inspect.to_clear_idx++] = list_id;	20,706✔
183	}	20,706✔
184	buffer->inspect = buffer->orig = data;	20,706✔
185	buffer->inspect_len = buffer->orig_len = data_len;	20,706✔
186	buffer->len = 0;	20,706✔
187	buffer->initialized = true;	20,706✔
188	}	20,706✔
189	/** \brief setup the buffer with our initial data */
190	void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
191	InspectionBuffer buffer, const uint8_t data, const uint32_t data_len)
192	{	716✔
193	InspectionBufferSetupInternal(det_ctx, list_id, buffer, data, data_len);	716✔
194	}	716✔
195
196	/** \brief setup the buffer with our initial data */
197	void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id,
198	InspectionBuffer buffer, const uint8_t data, const uint32_t data_len,
199	const DetectEngineTransforms *transforms)
200	{	19,990✔
201	InspectionBufferSetupInternal(det_ctx, list_id, buffer, data, data_len);	19,990✔
202	InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);	19,990✔
203	}	19,990✔
204
205	void InspectionBufferFree(InspectionBuffer *buffer)
206	{	14,947,377✔
207	if (buffer->buf != NULL) {	14,947,377✔
208	SCFree(buffer->buf);	1,360✔
209	}	1,360✔
210	memset(buffer, 0, sizeof(*buffer));	14,947,377✔
211	}	14,947,377✔
212
213	/**
214	* \brief make sure that the buffer has at least 'min_size' bytes
215	* Expand the buffer if necessary
216	*/
217	uint8_t SCInspectionBufferCheckAndExpand(InspectionBuffer buffer, uint32_t min_size)
218	{	5,384✔
219	if (likely(buffer->size >= min_size))	5,384✔
220	return buffer->buf;	3,986✔
221
222	uint32_t new_size = (buffer->size == 0) ? 4096 : buffer->size;	1,398✔
223	while (new_size < min_size) {	1,596✔
224	new_size *= 2;	198✔
225	}	198✔
226
227	void *ptr = SCRealloc(buffer->buf, new_size);	1,398✔
228	if (ptr != NULL) {	1,398✔
229	buffer->buf = ptr;	1,398✔
230	buffer->size = new_size;	1,398✔
231	} else {	1,398✔
UNCOV 232	return NULL;	×
UNCOV 233	}	×
234	return buffer->buf;	1,398✔
235	}	1,398✔
236
237	void SCInspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len)
238	{	5,184✔
239	DEBUG_VALIDATE_BUG_ON(buffer->buf == NULL);	5,184✔
240	DEBUG_VALIDATE_BUG_ON(buf_len > buffer->size);	5,184✔
241	buffer->inspect = buffer->buf;	5,184✔
242	buffer->inspect_len = buf_len;	5,184✔
243	buffer->initialized = true;	5,184✔
244	}	5,184✔
245
246	void InspectionBufferCopy(InspectionBuffer buffer, uint8_t buf, uint32_t buf_len)
247	{	168✔
248	SCInspectionBufferCheckAndExpand(buffer, buf_len);	168✔
249
250	if (buffer->size) {	168✔
251	uint32_t copy_size = MIN(buf_len, buffer->size);	168✔
252	memcpy(buffer->buf, buf, copy_size);	168✔
253	buffer->inspect = buffer->buf;	168✔
254	buffer->inspect_len = copy_size;	168✔
255	buffer->initialized = true;
256	}	168✔
257	}	168✔

OISF / suricata / 22550237931

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous